103 lines
3.9 KiB
Java
103 lines
3.9 KiB
Java
/*
|
|
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/**
|
|
* @test
|
|
* @bug 8301260
|
|
* @summary Check that secureValidation system property works correctly
|
|
* @library /test/lib
|
|
* @run main/othervm -Dorg.jcp.xml.dsig.secureValidation=true SecureValidationSystemProperty
|
|
*/
|
|
|
|
/**
|
|
* @test
|
|
* @bug 8301260
|
|
* @summary Check that secureValidation system property works correctly
|
|
* @library /test/lib
|
|
* @run main/othervm -Dorg.jcp.xml.dsig.secureValidation=false SecureValidationSystemProperty
|
|
*/
|
|
|
|
import java.io.File;
|
|
import javax.xml.crypto.dsig.XMLSignatureException;
|
|
import javax.xml.parsers.DocumentBuilderFactory;
|
|
import javax.xml.parsers.DocumentBuilder;
|
|
import org.w3c.dom.Document;
|
|
|
|
import jdk.test.lib.security.SecurityUtils;
|
|
import jdk.test.lib.security.XMLUtils;
|
|
import static jdk.test.lib.security.XMLUtils.Validator;
|
|
|
|
public class SecureValidationSystemProperty {
|
|
|
|
private final static String DIR = System.getProperty("test.src", ".");
|
|
private final static String DATA_DIR =
|
|
DIR + System.getProperty("file.separator") + "data";
|
|
|
|
public static void main(String[] args) throws Exception{
|
|
// Re-enable sha1 algs. We just want to make sure DSA keys less than
|
|
// 1024 bits are rejected correctly.
|
|
SecurityUtils.removeAlgsFromDSigPolicy("sha1");
|
|
|
|
String prop = System.getProperty("org.jcp.xml.dsig.secureValidation");
|
|
if (prop == null) {
|
|
throw new Exception("Secure validation system property not set");
|
|
}
|
|
boolean isSet = Boolean.parseBoolean(prop);
|
|
|
|
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
|
dbf.setNamespaceAware(true);
|
|
Document doc = dbf.newDocumentBuilder()
|
|
.parse(new File(DATA_DIR, "signature-enveloped-dsa-512.xml"));
|
|
Validator validator = XMLUtils.validator();
|
|
|
|
// try again and make sure system property supersedes
|
|
// XMLContext property
|
|
validator.secureValidation(!isSet);
|
|
validate(validator, doc, isSet);
|
|
}
|
|
|
|
private static void validate(Validator validator, Document doc,
|
|
boolean isSet) throws Exception {
|
|
try {
|
|
validator.validate(doc);
|
|
if (isSet) {
|
|
throw new Exception("signature expected to be rejected " +
|
|
"because it was signed with a 512-bit DSA key which is " +
|
|
"restricted");
|
|
}
|
|
} catch (XMLSignatureException e) {
|
|
if (!isSet) {
|
|
throw new Exception("signature not expected to be rejected " +
|
|
"because secure validation mode is not enabled");
|
|
} else {
|
|
Throwable cause = e.getCause();
|
|
if (cause == null || !cause.getMessage().equals(
|
|
"DSA keys less than 1024 bits are forbidden when " +
|
|
"secure validation is enabled")) {
|
|
throw new Exception("signature rejected for wrong reason", e);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|